Paper Info
Title
Analysis of update delays in signature-based network intrusion detection systems
Abstract
Network Intrusion Detection Systems (NIDS) play a fundamental role on security policy deployment and help organizations in protecting their assets from network attacks. Signature-based NIDS rely on a set of known patterns to match malicious traffic. Accordingly, they are unable to detect a specific attack until a specific signature for the corresponding vulnerability is created, tested, released and deployed. Although vital, the delay in the updating process of these systems has not been studied in depth. This paper presents a comprehensive statistical analysis of this delay in relation to the vulnerability disclosure time, the updates of vulnerability detection systems (VDS), the software patching releases and the publication of exploits. The widely deployed NIDS Snort and its detection signatures release dates have been used. Results show that signature updates are typically available later than software patching releases. Moreover, Snort rules are generally released within the first 100 days from the vulnerability disclosure and most of the times exploits and the corresponding NIDS rules are published with little difference. Implications of these results are drawn in the context of security policy definition. This study can be easily kept up to date due to the methodology used.
Year
DOI
Venue
2011
10.1016/j.cose.2011.08.010
Computers & Security
Keywords
Field
DocType
exploit,intrusion detection,vds,vulnerability,nids,snort,nessus,signature update,patch,statistical analysis,security policy
Internet privacy,Network intrusion detection,Software deployment,Computer science,Computer security,Exploit,Anomaly-based intrusion detection system,Software,Security policy,Intrusion detection system,Vulnerability
Journal
Volume
Issue
ISSN
30
8
0167-4048
Citations 
PageRank 
References 
5
0.48
19
Authors
3
Name
Order
Citations
PageRank
Hugo Gascon11717.25
Agustín Orfila218614.24
Jorge Blasco Alís3419.04